Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Skill Safe Install
v2.0.1
Skills safe-install tool - integrates three layers of verification: Vetter code review + ClawHub rating + ThreatBook sandbox scanning
⭐ 0 · 358 · 4 current · 4 all-time
by 想开电动车 @chj0w0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match what the package does: it vets skill code, queries ClawHub for ratings, and uploads a packaged skill to ThreatBook for sandboxing. Required binaries (node, curl, tar, zip) and THREATBOOK_API_KEY are appropriate for the documented functionality.
Instruction Scope
The runtime instructions and the included script download the target skill via `clawhub install`, scan files locally, then package and upload the skill to the external ThreatBook sandbox. That behavior can leak entire skill source trees (possibly containing sensitive code or secrets). The README suggests aliasing/wrapping `clawhub install` in your shell to force-check every install, which would cause automatic uploads of all skills to the third-party sandbox. The SKILL.md also instructs writing the API key to ~/.openclaw/.env (which is not the same as exporting an env var), a potential operational mismatch.
Install Mechanism
There is no remote install step — the script is included in the skill bundle (scripts/safe-install.mjs), so nothing is fetched/installed from arbitrary URLs at install time. The script uses child_process/execSync to run clawhub and other shell commands, which is expected for a wrapper tool but increases runtime risk if invoked with elevated privileges or used as an automatic wrapper.
Credentials
The only required env var is THREATBOOK_API_KEY (primary credential), which is justified for uploading files to ThreatBook. However: 1) Uploading skill archives to a third-party sandbox will transmit potentially sensitive code/data. 2) The README suggests storing the key in ~/.openclaw/.env rather than exporting it; unless your runtime sources that file, the script may not see the key. 3) The script runs `clawhub` commands which may require ClawHub credentials (CLAWHUB_TOKEN) in some environments—this token is mentioned only as optional in docs, but failure to authenticate could change behavior. These are proportional to the stated purpose but present privacy/operational concerns.
Persistence & Privilege
The skill does not set always:true and does not auto-enable itself. However, SKILL.md recommends adding an alias/function to ~/.bashrc that overrides `clawhub` to route installs through this tool; if a user follows that, it effectively forces the tool into all install workflows and increases its blast radius. The skill itself does not automatically persist or modify other skills' configs, but the recommended integration pattern can create persistent, automatic behavior.
What to consider before installing
This skill appears to do what it says (local vetting + ClawHub rating + ThreatBook sandbox), but it will package and upload entire skill code to a third‑party service. Before installing, consider:
1) Do not alias/overwrite your `clawhub` command system-wide until you’ve tested the script — that alias would make every install automatically upload code to ThreatBook.
2) Review scripts/safe-install.mjs yourself to confirm exactly what is uploaded and whether temporary directories are cleaned.
3) Be careful about placing sensitive or proprietary skills behind this flow; the tool warns not to upload secrets, but it is your responsibility to prevent that.
4) The README suggests echoing the API key into ~/.openclaw/.env — ensure your runtime actually loads that file or export the env var in your shell/CI so the script can authenticate.
5) Use --dry-run first and run the tool in a controlled environment (non-prod user) to observe behavior. If you must use it in CI, restrict the scanned artifacts to non-sensitive samples or ensure ThreatBook usage complies with your privacy policies.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🛡️ Clawdis
Bins: node, curl, tar, zip
Env: THREATBOOK_API_KEY
Primary env: THREATBOOK_API_KEY
